[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Replication "credentials"

To: Pablo Pernot <ppe@albert.com>
Subject: Re: Replication "credentials"
From: Pierangelo Masarati <masarati@aero.polimi.it>
Date: Wed, 13 Dec 2000 10:58:47 +0100
Cc: OpenLDAP-software@OpenLDAP.org
Organization: Dipartimento di Ingegneria Aerospaziale
References: <3A365C65.2060207@albert.com>

Pablo Pernot wrote:

> Hello all,
>
> I have a master slapd and slave.
>
> I first use plain text passwd like this :
>
> replica host=myhost:389
>          binddn="cn=MyCN,dc=MyDC,dc=MyDC"
>          bindmethod=simple credentials=secret
>
> BVut I wish to use crypt passwd like this :
>
> replica host=myhost:389
>         binddn="cn=MyCN,dc=MyDC,dc=MyDC"
>         bindmethod=simple credentials={CRYPT}GH.76TGNjhG
>
> but it failed. why ?

Because!
You cannot supply crypted credentials, otherwise there would
be no use in crypting them. Maybe you're deceived by the fact
that you can supply crypted credentials to the db administrator
in the slapd.conf file. This is allowed because the credentials
are directly read by the slapd process. But during the
replication process, a ldap client, slurpd, binds to a REMOTE
server, so, for simple bind, a cleartext password must be supplied.

Pierangelo.

--
Dr. Pierangelo Masarati               | voice: +39 02 2399 8365
Dip. Ing. Aerospaziale                | fax:   +39 02 2399 8334
Politecnico di Milano                 | mailto:masarati@aero.polimi.it
via La Masa 34, 20156 Milano, Italy   | http://www.aero.polimi.it/~masarati

References:
- Replication "credentials"
  - From: Pablo Pernot <ppe@albert.com>

Prev by Date: Re: openldap and freebsd
Next by Date: Re: Unique identifiers in the distinguished name
Index(es):
- Chronological
- Thread